question

I am looking for alternatives to X.org, which is the most often used X-Server in linux' graphic systems today (which means also in Ubuntu). Do you know some alternatives?

I already know about DirectFB and Wayland. With Wayland I am not really sure if it can be seen as a replacement-alternative or simple some kind of addon.

Also I am asking about Ubuntu in particular in the question. So I was wondering if there is an alternative (already packed as a packaged for ubuntu). If somebody knows an "not ubuntu yet" alternative I would none-the-less appreciate a response as I assume ubuntu is thought to embrace development and progress (which alternatives might induce). Thank you.

background

(why I am looking for it?)

The key aspect here is security.
While ubuntu offers security in many aspects

LUKS (Linux Unified Key Setup) for disk encryption

AppArmor MAC (Mandatory Access Control) for zero day attacks

gnupg (Gnu Privacy Guard) signatures, safe mail communication

it is sad to know that the X.org server might give away much security. The concern is stated in many places. It is for instance:

The X server allows an X client to:
- Snoop on the screen by reading its contents.
- Snoop on the keyboard.
- Take control of other X clients by sending them keyboard and mouse events.
- Impersonate other X clients by using their names in window title bars.
- Discover what other X clients are running.
- Steal the input focus.
- Deny service by grabbing the pointer or keyboard or the whole server.
- Deny service by consuming the X server's resources. strong text

The above would mean that some software running in the X-server (this almost is every program that has a graphical output - is not running on the command line) can make itself a keylogger.
The linux file system is keeping the permissions set and by this User A can be restricted to access User B's files.
In the X.org/X-server it is hard to keep program A from accessing the X-server resources of program B. So by having installed a malicious firefox addon + using a sudo ... on gnome-terminal you might have done enough to give away remote root access.

1 Answer
1

Wayland is supposed to be a complete replacement for X, not an addon, and it addresses the problems which concern you. Note that at the moment Wayland is not production ready and there is limited driver and toolkit support for it.

It seems that Ubuntu does not have any plans to integrate Wayland at the moment, and wants to create its own display server called Mir, which may also address some of your security concerns. Mir is also not ready for general use.

DirectFB is a bare bones solution for embedded systems which gives programs direct access to the video card's framebuffer. It does not have any security mechanisms.

thanks for the answer! Still, not running a GUI cannot be honestly considered a another solution for a "X"-alternative. If it is not **G**(graphical) UI then it ain't an alternative. I am looking forward to Wayland. As you describe it might at last bring some improvements. The security holes via GUI are considerable at present. The wayland security is also well discussed here lwn.net/Articles/517375
–
humanityANDpeaceMar 26 '13 at 19:14